Explore the evolving role of internal audit in response to economic crisis and technological advancements, incorporating international standards and regulations. Discover new trends and strategies to enhance risk management, control, and governance processes.
Arising Importance of Audit due to Present Economic Developments Korcan DEMİRCİOĞLU, Ph-D Supervisor Auditor, Garanti Bank
Agenda • Definition and Components of Internal Audit • International Standards and Regulations about Internal Audit • Effects of Economic Crisis and Technological Improvements • New Trends and Changing Role of Internal Audit
Definition of Internal Audit • Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. • Internal audit helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of • risk management, • control, • governance processes.
Corporate Governance Corporate governance is a general system which promotes enterprise orientation and control structure. The generally accepted international understanding of corporate governance involves: • Equality, • Transparency, • Accountability and • Liability.
Risk Management Risk management is a process which provides an appropriate trade-off between risk and yield and adds “value” to the organization. Risk management concerns all departments. 1. Identification of Risks: • Defining the risks • Measuring the risks • Analyzing the risks • Reporting 2. Prioritization of Risks: • Probability of the Risk • Severity of the Risk 3. Taking Necessary Actions: • Acceptance • Transferring • Controlling
Internal Control Control is one of the actions taken to mitigate the effects of risks in terms of: • Safeguarding of assets, • Compliance with laws, regulations, and agreements, • Reliability and integrity of financial and operational information, • Effectiveness and efficiency of operations. Basic Control Activity Examples are: • Authorization Methods • Limit Applications • Decomposition of Tasks • Policies and Procedures • Task Descriptions and Responsibilities • Reconcilement Methods
International Standards and Regulations about Internal Audit
Regulations about Internal Audit Regulations in Turkey - Banking Law No. 5411 - Arrangements of BRSA - Arrangements of the Capital Markets Board of Turkey International Regulations - Regulations by Basel Committee - Regulations by Professional Associations (IFAC, IICPA, etc.)
Standards of Internal Audit A. ATTRIBUTE STANDARDS • Purpose, Authority and Responsibilities • Independence and Objectivity • Proficiency and Due Professional Care • Quality Assurance and Improvement Program B. PERFORMANCE STANDARDS • Management of Internal Audit Activities • Quality of Work • Engagement Planning • Performing Engagement • Reporting Results • Observing Developments • Acceptance of Residual Risks by Management
Attribute Standards Purpose, Authority and Responsibilities The purpose, authority and responsibilities of internal audit activities should be clearly stated in the charter. Independence and Objectivity • Organizational Independence • Individual Objectivity • Impairment to Independence or Objectivity Proficiency and Due Professional Care • Proficiency Requires the knowledge, skills and other competencies needed to perform individual responsibilities. • Due Professional Care The care and the skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility. • Continuing Professional Development Enhancement of knowledge, skills, and other competencies through continuing professional development.
The Internal Audit Activity Management Performance Standards The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization. • Planning • Communication and Approval • Resource Management • Policies and Procedures • Coordination • The Board of Directors, Internal Audit Committee and Reporting to Top Management
Engagement Planning Performance Standards • Engagement Objectives: When setting the engagement objectives, internal auditors should: • Identify and assess risks relevant to the activity under review; the engagement objectives must reflect the results of this assessment, • Consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives. • Consulting engagement objectives should address risks, controls and governance processes to the extent agreed upon with the client. • Scope of Engagement: • The established scope must be sufficient to satisfy the objectives of the engagement. • The scope of the engagement must include consideration of relevant systems, records, personnel, and physical properties, including those under the control of third parties. • Engagement Resource Allocation: Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on a plan regarding the following issues: - an evaluation of the nature of the engagement, - complexity of the engagement, - time constraints, - available resources.
Performing the Engagement Performance Standards Internal auditors must • identify, • analyze, • evaluate, and • document sufficient information to achieve the engagement's objectives. Recording Information • Internal auditors must document the relevant information to support the conclusions and engagement results. • Thus, it would be beneficial for internal auditors to prepare working papers.
Communication of the Engagement Results Performance Standards CHIEF AUDIT EXECUTIVE (CAE) Informative Memos about the Annual Activities of the Internal Audit AUDIT COMMITTEE Periodic Activity Report BOARD OF DIRECTORS BRSA (BDDK) Annual Report and Informative Memo
Monitoring Progress Performance Standards • The chief audit executive, • Must establish and maintain a system to monitor the disposition of results communicated to management, • Must establish a follow-up process to monitor and ensure that management actions have been effectively implemented, • Or that senior management has accepted the risk of not taking action (namely, residual risk).
Important Corporations Which Were Negatively Affected or Failed During the Last Crisis [Timeline figure: October 07, January 08, June 08, September 08]
Developments After Crisis • What's Expected? • Reconstruction of the Global Banking System, • Regulated Market Economy instead of Free Market Economy: Establishing New Audit/Control System, • Elimination of Weaknesses of Risk Management, • Improvement in the Credit Rating Agencies’ Applications, • New Regulations and Regulatory Institutions in Financial Markets.
Developments After Crisis • Increasing Importance of Audit • Differentiation in Audit Methodologies • Monitoring Audit Results • Attributes and Adequacy of Auditors • Lessons to Learn • Risk must be “respected”. The risk management function should be seen as equally important as the other functions in banks, and not be described as a ‘back office’ function. • Risk analysis is an important part of modern risk management. On the other hand, models alone are not sufficient. • There is a limit to regulations. • If the level of excessive debt seems unbelievably good, then it really is unbelievable. U.S. banks had tools which they used mainly to remove their credits from their balance sheets; their leverage ratios were as much as 600 to 1. • Accounting changes everything. Accounting for credit assets at market value (mark to market) increased the volatility in reported losses by nearly 50% during the depression period. Accounting must be accounting. There should not be any creative accountancy. • Audit activity is only as effective as the attention given to its results. • Volume-based promotion redoubles the risk appetite.
Queries • Rating Agencies • What are the standard methods for working and decision-making? • How transparent and accountable are they? • How objective are their approaches and reviews? • Who checks these organizations and their reports at the global and local level? • What should the reaction time (reflex) of the company grading scale be?
Queries • Risk Management and Risk Management Models (Market Risk, Credit Risk, Operational Risk) • How proactive is risk management? • Was risk management located in the right position within the bank? • Risk Management Models • How applicable are they? • How accurate are they? • Are control and measurement methods sufficient? The Basel II banking capital rules did not produce the needed effect of banks having enough liquidity. Northern Rock and Bradford & Bingley did meet the requirements related to “capital”, but that did not prevent them from bankruptcy. (The Independent)
Queries • Audit Principles • Internal Audit • Independence • Sanction Power • Risk Oriented • Qualitative Adequacy • External Audit • Regulations • Standards
Queries • Board of Directors and Top Management • Volume Focused and Premiums • Audit Committee Acts • Functions of Independent Administrative Board • Corporate Governance
New Trends in Audit • Risk Oriented Audit • Continuous Audit and Supervision • Information Systems (IT) Audit
Risk Oriented Audit Concept RISK: • Identification • Evaluation • Prioritizing AUDIT PLAN: • Specify Resources Risk Oriented Audit The reasons below have changed the working concept of audit departments, and risk oriented audit has found acceptance because of them: • Control resources are not unlimited. • Controlled activities face different risks. • Controlled unit activities have relatively different severity levels. Purpose: Transferring Resources of Audit to Most Risky Areas!
Continuous Audit and Supervision Deriving benefits from IT: • Continuous supervision of processes, • Checking immediately after the process, • Warning system before the process
IT Audit • Information systems make work more effective with fewer errors, which increases dependence on IS. Important processes are carried out using information systems. • IT systems are vulnerable to many risks. • Authentication • Non-repudiation • Data Integrity/Consistency • Data Confidentiality (Privacy) • Business Continuity • Compliance with Legal Arrangements • Regulations set out some requirements for IT audits.
Standards of IT Audit COBIT is an IT Management and Audit Model and legislatively accepted standard in IT Audits in Turkey. • CMMI: Software Development Process Standards • ISO: Service/Service Management Standards • ITIL: Information/System Security Standards • Service/Service Management Standards
Changing Approaches in Audit TRADITIONAL: • Detection • Functional • Including whole • Once • Partial MODERN: • Prevention • Process based • Risk oriented • Continuous • Integrated